Akamai has only milliseconds to apply detection algorithms and decide whether a user request to a protected website is malicious. These detections rely on machine learning (ML) models and heuristic analyses, both probabilistic by nature, operating within a constantly evolving cyberattack landscape. False negatives (FNs) and false positives (FPs) are therefore inevitable. To remain effective, deeper analyses — such as model evaluation, tuning, retraining, and detection refinement — must occur outside the real-time request processing path. Traditionally, this “second line of defense” was handled by data scientists who developed and maintained models through highly manual craft-like processes. These workflows were often ad hoc, loosely defined, nondeterministic, and prone to error. As a result, changes could easily introduce new or different FNs and FPs, requiring lengthy monitoring periods before being safely enabled in production.…